How to not make an API

The OUYA developers show you how not to make an API:

2015-06-17 23:50:59 POST https://devs.ouya.tv/api/v1/gamers/me/consoles?
                         auth_token=96bfeaae-212d-447b-b4bf-caa5e86c0502
                         ← 200 application/json 28B 357.87kB/s

Request
Accept-Language:                en-US,en
X-OUYA-VersionCode:             16
X-OUYA-Console-Id:              015d4b33bc64141b
X-OUYA-AuthToken:               96bfeaae-212d-447b-b4bf-caa5e86c0502
X-OUYA-Console-Wifi-MAC-Addres  B8:5A:F7:82:3C:C8
s:                              
X-OUYA-Firmware-Version:        1.2.1427_r1
X-Token:                        96bfeaae-212d-447b-b4bf-caa5e86c0502
Content-Type:                   application/x-www-form-urlencoded
X-OUYA-Device:                  ouya_1_1
Via:                            1.1 localhost
                                (Apache-HttpClient/UNAVAILABLE (cache))
Content-Length:                 75
Host:                           devs.ouya.tv
Connection:                     Keep-Alive
Accept-Encoding:                gzip
User-Agent:                     OUYA 0 1.00 1.2.1427_r1

URLEncoded form
auth_token:  96bfeaae-212d-447b-b4bf-caa5e86c0502
console_id:  015d4b33bc64141b

The same token 4 time in the same request, just to be sure it gets transmitted.

Written by Christian Weiske.

Comments? Please send an e-mail.